[X4U] Re: Wireless "theft"
Stroller
MacMonster at myrealbox.com
Thu Jun 16 16:57:18 PDT 2005
On Jun 16, 2005, at 9:51 pm, John Lyon wrote:
> I only use MAC filtering - WEP has proven to be such a PITA with my wife and
> her PeeCees that it wasn't worth it.
OT: This PITA has been largely alleviated by Windows XP's service pack
2. Make sure you're not using the manufacturer's wireless configuration
tools, tho', but tick "allow Windows to manage this connection for me"
instead. I appreciate this is irrelevant if you're using Windows 2000
or stuck on 98.
> I figure MAC filtering will keep all but the most determined out of the
> network - and if they can crack MAC filtering, it's almost certain they can
> crack WEP.
Personally, I disagree.
Spoofing a MAC address requires no cracking at all - it requires
passive sniffing and just one network packet from an authorised laptop.
I believe the statement given elsewhere in this thread "WEP has been
cracked in 3 minutes" refers to this article
<http://www.tomsnetworking.com/Sections-article111.php>, in which it
was actually undertaken by the FBI. They were using two laptops
simultaneously to achieve this, were using some "not particularly
stealthy attack" techniques, and normally expect it to take a little
longer (only 5 - 10 minutes, but that's still a factor of 2 or 3).
When I cracked my neighbour's WEP, on the other hand, I sniffed
passively until I had 30megs or so of packets and then brute-forced the
key - as a consequence it took a couple of weeks. I was using a dual
1.25 G4, but the software was probably poorly optimised; there are
faster attacks, I believe, but this is the simplest, and the
easiest for a slightly-technical script-kiddie to undertake.
I would undoubtedly be able to hack a WEP network faster with practice,
but spoofing a MAC address requires no cracking at all - if my
neighbour had chosen to protect his network in this way I would have
had the key the moment he used his laptop. Had my neighbour chosen
to protect his network in this way I could also read all his email
without even bothering to use the network, because MAC address
filtering doesn't do any encryption - it's just like those
old-fashioned mobile or portable phones that you can listen to with
your FM radio. Finally, filtering by MAC address leaves you open to the
fiendish airpwn attack <http://www.evilscheme.org/defcon/>. It is
completely obvious when a network is protected by MAC address
filtering.
This is all clearly a matter of opinion, but mine is that WEP has a
slight edge, and might be just enough to prevent a
slightly-more-technical-than-most-but-not-yet-very-experienced-at-cracking
teenager hacking you or beaming pornographic images at your family.
If I might rephrase your statement:
MAC filtering will keep all but the determined out of the network
WEP encryption will keep all but the most determined out of the network
WPA encryption will keep all but the very most determined out of the network
Stroller.